tomcat-users mailing list archives

From "Bill Bailey" <Bill.Bai...@northlandchurch.net>
Subject RE: AJP Connector - Problems Proxying HTTPS Connections
Date Mon, 05 Feb 2007 16:47:35 GMT
Thanks for your suggestions. However, I still have the same problem.

I removed the NameVirtualHost entry for port 443, removed the port from
the ServerName, removed the DocumentRoot and ServerAlias completely, and
added the / to both the ProxyPass and ProxyPassReverse entries after
removing the Location element (I should mention that I had tried that
previously and then changed to the single argument version inside a
Location / element as an experiment which, by the way, works fine as
long as the connection is via port 80). In fact, several of the things I
changed this time around were introduced by my desperation to find some
combination that works.

I still get the same problem. If I connect to https: I am immediately
redirected to the http: version of the URL. If the port 80 virtual host
is set up under Apache HTTPD it processes it and if not, I get an error
saying Apache could not find whatever file I'm trying to access.

I also want to emphasize that the connection to Apache via SSL is
working fine. I see the entries in the log files indicating Apache got
the request. I can even see in the Tomcat logs where Apache forwarded
the request on the port specified in the ProxyPass directives. But ... I
can also see an entry in the Tomcat log where it appears to send a
redirect using http: as the scheme. Thus, my conclusion that it is my
Tomcat configuration rather than my Apache HTTPD configuration that is
the cause of the problem.

I have pasted the latest fragments of the Apache HTTPD configuration
files below in case I've still missed the point of one or more of your
comments.

The only change to the Tomcat configuration is the addition of a
separate AJP connector specifically for the unsecured connection.

Thanks for any additional ideas or input.

Apache HTTPD Configuration Fragments
========================================================================

##
## SSL Virtual Host Context
##
<VirtualHost 172.30.90.2:443>

	# General setup for the virtual host

    	ServerName www.resourcepoint.org
    	ErrorLog logs/resourcepoint-ssl-error_log
    	CustomLog logs/resourcepoint-ssl-access_log common

    	<Directory "E:/Apache2/vhosts/resourcepoint">

		... directory stuff here ...

    	</Directory>

    	ProxyPass / ajp://127.0.0.1:8009/
    	ProxyPassReverse / ajp://127.0.0.1:8009/

	... SSL stuff here ...

</VirtualHost>

Just in case it helps, here is the port 80 virtual host configuration
which works just fine.

#
# Use name-based virtual hosting.
#
NameVirtualHost 172.30.90.2:80

#
# VirtualHost
#
<VirtualHost 172.30.90.2:80>

    ServerName www.resourcepoint.org:80
    DocumentRoot E:\Apache2\vhosts\resourcepoint
    ServerAlias www.resourcepoint.org:80
    ErrorLog logs/resourcepoint-error_log
    CustomLog logs/resourcepoint-access_log common

    <Directory "E:/Apache2/vhosts/resourcepoint">
	
	... directory stuff here ...

    </Directory>

    # Note that this approach with single argument
    # nested in a Location element works just fine
    # for the non-SSL, port 80 virtual host.

    <Location / >

   	ProxyPass ajp://127.0.0.1:8010/
    	ProxyPassReverse ajp://127.0.0.1:8010/

    </Location>

</VirtualHost>

Tomcat Configuration (Server.xml)
======================================================================

  <Service name="Catalina">

    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->

    <Connector port="8888"
		   address="127.0.0.1"
               maxHttpHeaderSize="8192"
               maxThreads="150" 
               minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" 
               redirectPort="8443"
               acceptCount="100"
               connectionTimeout="20000" 
               disableUploadTimeout="true" />

    <!-- Define an AJP 1.3 Connector on port 8009 -->
         
    <Connector port="8009" 
		   address="127.0.0.1"
               enableLookups="false"  
               protocol="AJP/1.3" 
		   secure="true"
		   scheme="https"
		   proxyName="www.resourcepoint.org" 
		   proxyPort="443" />

    <Connector port="8010" 
		   address="127.0.0.1"
               enableLookups="false"  
               protocol="AJP/1.3" 
		   secure="false"
		   scheme="http"
		   proxyName="www.resourcepoint.org" 
		   proxyPort="80" />

    <!-- Define the top level container in our container hierarchy -->

    <Engine name="Catalina" defaultHost="www.resourcepoint.org">

      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase" />

      <Host name="localhost" appBase="webapps" />

      <Host name="www.resourcepoint.org" 
            appBase="E:\webapps\resourcepoint"
            unpackWARs="true" 
            autoDeploy="true"
            xmlValidation="false" 
            xmlNamespaceAware="false">

		<Context path="" docBase="ROOT" debug="1"/>

		<Logger className="org.apache.catalina.logger.FileLogger"/>
	</Host>

    </Engine>

-----Original Message-----
From: Hassan Schroeder [mailto:hassan.schroeder@gmail.com] 
Sent: Monday, February 05, 2007 11:11 AM
To: Tomcat Users List
Subject: Re: AJP Connector - Problems Proxying HTTPS Connections

On 2/5/07, Bill Bailey <Bill.Bailey@northlandchurch.net> wrote:

To start with --

> Apache Virtual Host Configuration Fragment

> NameVirtualHost xxx.xx.xx.x:443

NameVirtualHosting and SSL don't go together -- yank that

> <VirtualHost xxx.xx.xx.x:443>

Put the real IP that belongs to the SSL cert there

>       ServerName www.resourcepoint.org:443
>
>       DocumentRoot E:\Apache2\vhosts\resourcepoint
>
>       ServerAlias www.resourcepoint.org:443

The server name and alias should not have the port # appended.
In the example, the name and alias are the same, which makes no
sense. And if you're proxying everything, you don't need to specify
a DocumentRoot. However,

>             ProxyPass ajp://127.0.0.1:8009/
>             ProxyPassReverse ajp://127.0.0.1:8009/

that's wrong -- those two directives take two arguments, e.g.

   ProxyPass / ajp://127.0.0.1:8009

Fix those, and make sure your config files at least pass the config
test ( $APACHE_HOME/bin/apachectl -t )

HTH!
-- 
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
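
Added example (not part of either message, and not code from the Tomcat or httpd projects): a cross-check of the two files pasted in the thread, confirming that each Apache virtual host forwards to an AJP connector whose scheme, secure and proxyPort attributes describe that host. The inline inputs are constructed by trimming the posted fragments; the function names and the rule that port 443 is the TLS virtual host are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the fragments posted in the thread.
SERVER_XML = """
<Service name="Catalina">
  <Connector port="8009" address="127.0.0.1" protocol="AJP/1.3"
             secure="true" scheme="https" proxyPort="443" />
  <Connector port="8010" address="127.0.0.1" protocol="AJP/1.3"
             secure="false" scheme="http" proxyPort="80" />
</Service>
"""
HTTPD_CONF = """
<VirtualHost 172.30.90.2:443>
    ProxyPass / ajp://127.0.0.1:8009/
</VirtualHost>
<VirtualHost 172.30.90.2:80>
    <Location / >
        ProxyPass ajp://127.0.0.1:8010/
    </Location>
</VirtualHost>
"""
DEFAULTS = {"scheme": "http", "secure": "false"}  # Tomcat connector defaults

def ajp_connectors(server_xml):
    """Map each AJP connector's port to its attribute dict."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.attrib for c in root.iter("Connector")
            if c.get("protocol", "").upper().startswith("AJP")}

def vhost_targets(httpd_conf):
    """Yield (listen_port, ajp_port) for every ProxyPass in a VirtualHost."""
    for m in re.finditer(r"<VirtualHost\s+\S*?:(\d+)>(.*?)</VirtualHost>", httpd_conf, re.S):
        for t in re.finditer(r"^\s*ProxyPass\s+.*?ajp://[^:/\s]+:(\d+)", m.group(2), re.M):
            yield int(m.group(1)), int(t.group(1))

def check(server_xml, httpd_conf):
    """Return findings; an empty list means front end and back end agree."""
    conns, findings = ajp_connectors(server_xml), []
    for listen, ajp in vhost_targets(httpd_conf):
        c = conns.get(ajp)
        if c is None:
            findings.append(f"vhost :{listen} proxies to AJP {ajp}, which no connector defines")
            continue
        want = "https" if listen == 443 else "http"  # assumption: 443 is the TLS vhost
        expected = {"scheme": want, "secure": str(want == "https").lower(), "proxyPort": str(listen)}
        for attr, value in expected.items():
            if c.get(attr, DEFAULTS.get(attr)) != value:
                findings.append(f"vhost :{listen} -> AJP {ajp}: {attr} should be {value!r}")
    return findings
```

An empty result only says the two files agree with each other; it does not show which scheme Tomcat puts in the Location header of a redirect.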

